Disinformation and covert influence: an introduction

There are countries in our world in which much of what the citizenry thinks it knows is false. In these countries, the accepted understanding of major historical events is in diametric opposition to the objective way that those events actually unfolded. This has been the topic of many well-known works of fiction, among the most prominent being George Orwell’s dystopian novel 1984.

This fiction is a reality for millions of people across the globe.  The Democratic People’s Republic of Korea (DPRK- North Korea), for instance, indoctrinates its citizenry with a very different understanding of how the Korean War unfolded. If an average American met an average North Korean, the two would likely hold irreconcilably different views of the same historical events, and both would be certain that their version was correct. Yet, there must be some objective truth about events of the past, so it becomes critical to explain the differing understandings of these events.     

Entities that control the acquisition, production, and dissemination of information control the future direction of our world by shaping the perceptions of the citizenry. Most western countries have free or mostly-free presses that expose their people to a wide variety of viewpoints. But countries like North Korea and others tightly control the type, content, and amount of media that their citizens are able to consume. Regular North Korean citizens do not have access to the open internet nor do they have access to alternative sources of information beyond those provided to them by their government. Their school system teaches a prescribed, carefully choreographed version of history. The DPRK system of controlling information is so powerful and consuming that few question it.  Those who do are wise to keep their views hidden. This is how the government of Kim Jong-un dictates what becomes the accepted truth within its borders. 

Disinformation and Covert Influence Operations

The power of information makes it an incredibly useful tool. Intelligence organizations leverage information and disinformation to achieve objectives within broader covert influence operations in an effort to further their country’s foreign policy objectives. Covert influence operations come in many forms that involve both real and fabricated information. These operations will often leverage disinformation, which is untrue and specifically intended to deceive. They may also use true information which is nonetheless compromising to the intended target. Russian intelligence organizations refer to compromising information that is true or partially true as “Kompromat.” It is often the most powerful tool in their arsenal because it is based on truth and is thus difficult to effectively refute.  

The United States presidential elections in 2016 brought the topic of disinformation operations to the forefront of western minds. The potential impact of covert influence and disinformation campaigns on such a prominent event brought the topic of covert influence operations out of the murky world of intelligence and into the public sphere. Understanding covert influence operations and how they may be carried out by an adversary is one step in combating it. 

Two crucial elements of information or disinformation-based covert influence operations are the process of acquiring or creating the information, and the process of placing and distributing it.

Information Acquisition And Disinformation Fabrication

The most powerful covert influence operations are often based on truthful or partially truthful information. Disinformation can be woven into the fabric of otherwise truthful information to create a narrative that is both believable and at least partially verifiable. Intelligence organizations leverage truthful information as a means of establishing bona fides for untruthful information. It then becomes challenging for an impartial observer to distinguish the fact from the fiction.

An intelligence organization can acquire truthful, compromising information through any number of means. Some tactics may involve cyber operations targeting a particular individual or group of individuals. After gaining access to their targets’ devices, an organization will search for compromising emails, photographs, text message exchanges, documents, or other evidence of something that they can characterize as malfeasance. This is amplified by the fact that technology companies have pivoted toward cloud-based systems in which a user’s data is populated in duplicate or triplicate on their phone, tablet, laptop, and desktop. iPhone users will find that their iMessage exchanges appear on their iPhone, iPad, and Macbook, all of which are subject to remote or physical exploitation by an interested and capable adversary- access to one device oftentimes means access to all devices. The same goes for other brand families. Browser histories, favorites, and even open browser tabs are automatically transferred between devices. End-to-end encrypted conversations on certain chat programs end up landing unencrypted, in-the-clear, on other user devices. Some programs that encrypt messages and emails in transit will then store those same communications unencrypted in the cloud. All of this is exploitable. 

Once this same concept is extrapolated beyond just the targeted user and applied to all of that user’s contacts, a large and vulnerable target set becomes available. If an adversary cannot access the device of the intended target, it will then move to the devices of that target’s close contacts in the hope of finding an access point to the target’s information. Someone may do a terrific job securing their own devices, but once that information lands on another person’s device (whether that be a compromising or sensitive photo, document, message exchange, etc.) the exploitation cycle begins anew.  It is just a matter of time before the adversary is successful.

Social media friends lists, comments, posts, shares, likes, location check-ins, and all varieties of lesser known meta and advertising data are a wealth of information for interested parties.  Advertising identifier data, supposedly anonymized at the individual level, is available for purchase from companies like Foursquare and sold openly and legally on Amazon Web Services. Correlating that data with publicly available information like property and land records, tax records, and real estate transaction data, along with databases of corporate, personal, and government addresses and corporate registrations can allow an open source analyst to break the anonymity of a particular advertising ID, awarding the analyst with a treasure trove of location data on the individual they’re targeting.      

Moving beyond technical exploitation, an adversary may use old fashioned, tried-and-true methods to acquire information. People and organizations used such methods long before the internet or electronics even existed. Learning information from friends, contacts, and associates is common, as is conducting physical surveillance of a target to learn more about his or her activities. An organization may lure a target into a trap in order to create the exploitable information that they are seeking. A hostile actor may even approach and befriend the target as a means to acquire the most sensitive information.

All of these methods are equally applicable in the creation of a disinformation campaign. In order for disinformation to be most believable, it will ideally be based at least in-part on truthful information. Even if an adversary is unable to acquire any compromising information in its intended target, conducting basic due diligence on that target will reveal a lifestyle and pattern of behaviors off of which the adversary can fabricate a damaging, but false, narrative. Accessing location data is particularly useful, as an adversary can then craft a story based on that data that will become more believable once independent parties verify that the target was, in fact, physically in the location claimed. This can all be done using publicly available information. 

Placement and Dissemination

Acquiring baseline information or creating a false narrative interwoven with true information is an early step in a longer covert influence process. That information only becomes valuable when it is used to influence a particular desired outcome. Placement and dissemination of the information serves this function. 

Just as in advertising, the depth, breadth, and specificity of the audience, as well as the ability to reach that audience, are among the most influential components of a successful campaign. Placement in a reputable news outlet is one ideal outcome. Other desired outcomes include a wide reach on social media or receipt by a particular political interest, although there are many other potential outcomes. The rise and spread of social media over the past two decades has created a platform for direct dissemination of information and disinformation, and has removed many of the traditional gatekeepers to distributing information.       

The organization conducting the influence operation will want to conceal their involvement, so their challenge then becomes transmitting the information to the intended dissemination outlet (typically media) while establishing the credibility of the information and protecting their involvement. This is no easy task. Reputable outlets with wide reach generally do not publish information that is not accompanied by credible sourcing. Thus, feeding disinformation into the news cycle is often a multi-step process. A foreign intelligence organization may approach and recruit a member of the media to assist them in placing their information. The recruitment target may be witting or unwitting of the organization’s true intentions and affiliation.

Alternatively, a foreign intelligence organization may feed the information to someone who is one step removed from a media outlet.  That person will, in turn, provide the information to the source.  The person providing the information for distribution must have some existing credibility, as the foreign intelligence organization will be trading off of that person’s status in order to get their disinformation published. This chain can also be extended further out. The intelligence organization behind the operation may use some of the methods described earlier to identify potential targets, generally using a contact chain to decide where to place their disinformation. They may even create their own ostensibly independent and credible media outlet that they covertly control, a process that may take years. 

Here to Stay

Covert influence and disinformation operations have played a role in politics, intergovernmental affairs, and warfare for thousands of years. The tactics have evolved with technology, but the fundamental components have remained the same. Observers can expect this pattern of behavior to continue into the future. It is reasonable to expect disinformation and covert influence operations to become progressively more common as the ability to proliferate information expands and the world becomes more connected through social media and the 24 hour news cycle. Efforts to combat disinformation will similarly expand, although effectively combating these operations is extraordinarily difficult. In either case, the general public now has a front row seat to the intelligence wars that have traditionally taken place under a shroud of secrecy. These wars will continue to determine the direction our world takes, and will formulate history as future generations see it.